Adobe has release, the 12 March 2013, during his March Patch Tuesday, one Adobe Flash security bulletin dealing with four vulnerabilities. This security bulletin has a Critical severity rating. The associated vulnerabilities have all 10.0 CVSS base score.

APSB13-09 – Security updates available for Adobe Flash Player

APSB13-09 is concerning :

  • Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.273 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.47 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.6.0.597 and earlier versions for Windows, Macintosh and Android
  • Adobe AIR 3.6.0.597 SDK and earlier versions
  • Adobe AIR 3.6.0.599 SDK & Compiler and earlier versions

CVE-2013-0646 (10.0 CVSS base score) has been discovered and privately reported by an anonymously through iDefense’s Vulnerability Contributor ProgramCVE-2013-0650 (10.0 CVSS base score) has been discovered and privately reported by a Attila Suszter of Reversing on Windows blogCVE-2013-1371 (10.0 CVSS base score) and CVE-2013-1375 (10.0 CVSS base score) have been discovered and privately reported by Mateusz Jurczyk, Gynvael Coldwind, and Fermin Serna of the Google Security Team.